A Simple Laser Harp MIDI Instrument

Craig Lindley is a technical author and a prolific maker of things. This simple project was his first attempt to create a laser harp MIDI device. While on vacation, Craig saw a laser harp with only three strings and decided to improve upon it by expanding it to twelve strings. The principle of operation is straightforward: twelve cheap diode laser modules aim a beam towards an LDR, which changes resistance if the light level changes when the beam is interrupted.

The controller is a simple piece of perf board, with a Wemos D1 mini ESP32 module flanked by some passives, a barrel socket for power, and the usual DIN connector for connecting the MIDI instrument. Using the ESP32 is a smart choice, removing all the need for configuration and user indication from the physical domain and pushing it onto a rarely-needed webpage. After a false start, attempting to use a triangular frame arrangement, [Craig] settled upon a simple linear arrangement of beams held within a laser-cut wooden box frame. Since these laser modules are quite small, some aluminium rod was machined to make some simple housings to push them into, making them easier to mount in the frame and keeping them nicely aligned with their corresponding LDR.

Sadly, the magnetic attachment method [Craig] used to keep the LDRs in place and aligned with the laser didn’t work as expected, so it was necessary to reach for the hot glue. We’ve all done that!

An interesting addition was using an M5 stack Unit-Synth module for those times when a proper MIDI synthesiser was unavailable. Making this luggable was smart, as people are always fascinated with laser harps. That simple internal synth makes travelling to shows and events a little easier.

Laser harps are nothing new here; we have covered plenty over the years. Like this nice build, which is more a piece of art than an instrument, one which looks just like a real harp and sounds like one, too, due to the use of the Karplus-Strong algorithm to mimic string vibrations.

This Week In Security: Unicode Strikes Again, Trust No One (Redditor), And More

There’s a popular Sysadmin meme that system problems are “always DNS”. In the realm of security, it seems like “it’s always Unicode”. And it’s not hard to see why. Unicode is the attempt to represent all of Earth’s languages with a single character set, and that means there are a lot of very similar characters. The two broad issues are that human users can’t always see the difference between similar characters, and that libraries and applications sometimes automatically convert exotic Unicode characters into more traditional text.

This week we see the resurrection of an ancient vulnerability in PHP-CGI, that allows injecting command line switches when a web server launches an instance of PHP-CGI. The solution was to block some characters in specific places in query strings, like a query string starting with a dash.

The bypass is due to a Windows feature, “Best-Fit”, an automatic down-convert from certain Unicode characters. This feature works on a per-locale basis, which means that not every system language behaves the same. The exact bypass that has been found is the conversion of a soft hyphen, which doesn’t get blocked by PHP, into a regular hyphen, which can trigger the command injection. This quirk only happens when the Windows locale is set to Chinese or Japanese. Combined with the relative rarity of running PHP-CGI, and PHP on Windows, this is a pretty narrow problem. The XAMPP install does use this arrangement, so those installs are vulnerable, again if the locale is set to one of these specific languages. The other thing to keep in mind is that the Unicode character set is huge, and it’s very likely that there are other special characters in other locales that behave similarly.
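As an added example (not code from PHP or from the write-up this column summarizes), here is a log-review check that flags query strings whose first decoded character is a dash or a dash lookalike such as the soft hyphen. The lookalike set (soft hyphen plus Unicode category Pd), the Latin-1 fallback, and the sample request targets are assumptions of this sketch, not the Windows Best-Fit table.

```python
import unicodedata
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = "\u00ad"  # the character the article says slips past the PHP check


def decode_query(raw_query: str) -> str:
    """Percent-decode a query string as UTF-8, falling back to Latin-1.

    The fallback is an assumption of this example: it makes a lone 0xAD byte
    show up as U+00AD instead of raising a decode error.
    """
    data = unquote_to_bytes(raw_query)
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")


def classify(raw_query: str) -> str:
    """Return 'ascii-dash', 'dash-lookalike' or 'ok' for a raw query string."""
    if not raw_query:
        return "ok"
    first = decode_query(raw_query)[0]
    if first == "-":
        return "ascii-dash"  # what the original filter already blocks
    # Heuristic, not the Windows Best-Fit table: the soft hyphen plus every
    # character in Unicode category Pd (dash punctuation).
    if first == SOFT_HYPHEN or unicodedata.category(first) == "Pd":
        return "dash-lookalike"
    return "ok"


def scan(request_targets):
    """Yield (target, verdict) for every request target worth a closer look."""
    for target in request_targets:
        verdict = classify(target.partition("?")[2])
        if verdict != "ok":
            yield target, verdict


# Constructed request targets; the path and parameter names are placeholders.
SAMPLE_TARGETS = [
    "/index.php?id=5", "/index.php?-opt", "/index.php?%2Dopt",
    "/index.php?%C2%ADopt", "/index.php?%ADopt",
    "/index.php?%E2%80%90opt", "/index.php",
]

if __name__ == "__main__":
    for target, verdict in scan(SAMPLE_TARGETS):
        print(f"{verdict:15} {target}")
```

Because the column notes that other characters in other locales may behave similarly, a "dash-lookalike" hit is a prompt for review rather than proof of an attempt, and a clean scan does not rule one out.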

Downloader Beware

The ComfyUI project is a flowchart interface for doing AI image generation workflows. It’s an easy way to build complicated generation pipelines, and the community has stepped up to build custom plugins and nodes for generation. The thing is, it’s not always the best idea to download and run code from strangers on the Internet, as a group of ComfyUI users found out the hard way this week. The ComfyUI_LLMVISION node from u/AppleBotzz was malicious.

The node references a malicious Python package that grabs browser data and sends it all to a Discord or Pastebin. It appears that some additional malware gets installed, for continuing access to infected systems. It’s a rough way to learn.

Make Your Code Slower With Multithreading

With the performance of modern CPU cores plateauing recently, the main performance gains are with multiple cores and multithreaded applications. Typically, a fast GPU is only so mind-bogglingly quick because thousands of cores operate in parallel on the same set of tasks. So, it would seem prudent for our applications to try to code in a multithreaded fashion to take advantage of this parallelism. Or so it would seem, but as [Marc Brooker] illustrates, it’s not as simple as one would assume, and it’s very easy to end up with far worse overall performance and no easy way to fix it.

[Marc] was rerunning an old experiment to calculate the expected number of birthdays in a shared group of people using brute force. The experiment was essentially a tight loop running a pseudorandom number generator, the standard libc rand() function. [Marc] profiled the code for single-thread and multithreaded versions and noted the runtime dramatically increased beyond two threads. Something fishy was going on. Running perf, [Marc] noted that there were significant L1 cache misses, but the real killer for performance was the increase in expensive context switches. Perf indicated that for four threads, there was an overhead of nearly 50% servicing spin locks. There were no locks in the code, so after more perf magic, the syscalls taking all the time were identified. Something in there was using a futex (or fast userspace mutex) a whole lot.


Tarzan, Lost Since 1983, Swings Back Onto The Atari 2600

Computer gaming history is littered with tales of fabled lost hardware and software. Some of them are very famous, such as the E.T. cartridges buried in a desert landfill or the few prototype SNES/CD-ROM hybrids that Nintendo was developing with Sony before the introduction of the PlayStation, but others have faded somewhat into obscurity. Among these is Tarzan for the Atari 2600, a game which was never released due to the 1983 console crash, and the [Video Game History Foundation] has a report on its rediscovery and preservation.

The game was to be published by Coleco for their ColecoVision console as well as the 2600. The ColecoVision version was released and was apparently even fairly well reviewed, but the Atari port was canceled and its very existence eventually faded into obscurity.


Displays We Like Hacking: HDMI

I don’t like HDMI. Despite it being a pretty popular interface, I find crucial parts of it to be alien to what hackers stand for. The way I see it, it manages to be proprietary while bringing a lot of the old cruft in. It doesn’t have a native alternative like DisplayPort, so portable implementations tend to suffer power-wise; the connector situation is interesting, and the HDMI Foundation has been doing some weird stuff; in particular, they are pretty hostile to open-source technology.

This article is not the place for such feelings, however, especially since I’ve expressed them enough in the DisplayPort article. We the hackers deserve to be able to handle the interfaces we stumble upon, and I firmly believe in that way more than in my right to animosity towards HDMI.

The HDMI interface is seriously prominent wherever you look, in part because it’s the interface created by the multimedia-involved companies for the multimedia-involved companies. Over the years we’ve had it, it’s been more than sufficient for basically everything we do video-wise, save for the highest resolutions.

It’s also reasonably simple to wire up, hack on, and even bitbang. Let’s go through what makes it tick.

The Core

HDMI is, at its core, three differential pairs for data, plus one pair to clock them and in the darkness bind them. It’s a digital interface, though it is a fun one. This makes it way more suitable for higher-distance video transmissions than interfaces like VGA, and as long as you stick to relatively low resolutions, HDMI won’t have as many asks in terms of PCB layout as DisplayPort might, thanks to HDMI link speeds scaling proportionally with the display resolution.


A Treasure Trove In An English Field

This is being written in a tent in a field in Herefordshire, one of the English counties that borders Wales. It’s the site of Electromagnetic Field, this year’s large European hacker camp, and outside my tent the sky is lit by a laser light show to the sound of electronic music. I’m home.

One of the many fun parts of EMF is its swap table. A gazebo to which you can bring your junk, and from which you can take away other people’s junk. It’s an irresistible destination which turns a casual walk into half an hour pawing through the mess in search of treasure, and along the way it provides an interesting insight into technological progress. What is considered junk in 2024?

Something for everyone

As always, the items on offer range from universal treasures of the I-can’t-believe-they-put-that-there variety, through this-is-treasure-to-someone-I’m-sure items, to absolute junk. Some things pass around the camp like legends; I wasn’t there when someone dropped off a box of LED panels for example, but I’ve heard the story relayed in hushed tones several times since, and even seen some of the precious haul. A friend snagged a still-current AMD processor and some Noctua server fans as another example, and I’m told that amazingly someone deposited a Playstation 5. But these are the exceptions; in most cases the junk is either very specific to something, or much more mundane. I saw someone snag an audio effects unit that may or may not work, and there are PC expansion cards and outdated memory modules aplenty.

Finally, there is the absolute junk, which some might even call e-waste but I’ll be a little more charitable about. Mains cables, VGA cables, and outdated computer books. Need to learn about some 1990s web technology? We’ve got you covered.

Using The Moiré Effect For Unique Clock Face

If you’ve ever seen artifacts on a digital picture of a computer monitor, or noticed an unsettling shifting pattern on a TV displaying someone’s clothes which have stripes, you’ve seen what’s called a Moiré pattern where slight differences in striping of two layers create an emergent pattern. They’re not always minor annoyances though; in fact they can be put to use in all kinds of areas from art to anti-counterfeiting measures. [Moritz] decided to put a few together to build one of the more unique clock displays we’ve seen.

The clock itself is made of four separate Moiré patterns. The first displays the hours with a stretching pattern, the second and third display the minutes with a circular pattern, and the seconds are displayed with a spiral type. The “hands” for the clock are 3D printed and driven by separate stepper motors, with hall effect sensors for calibration so that the precise orientation of the patterns can be set. A pair of Arduinos control the clock with the high-accuracy DS3231 module keeping track of time, and [Moritz] built a light box to house the electronics and provide diffuse illumination to the display.

Moiré patterns can be used for a number of other interesting use cases we’ve seen throughout the years as well. A while back we saw one that helps ships navigate without active animations or moving parts and on a much smaller scale they can also be used for extremely precise calipers.
