3D Printing Support Gets Down To Tacks

February 10, 2023 by 9 Comments

If you use supports for FDM 3D printing, you might find that some designs are more amenable than others to automatically-generated supports. [Slant 3D] , for example, shows a cool-looking eagle with a downward-curved beak that comes to a point. Using traditional supports would allow the print to succeed, but didn’t allow the beak to form correctly. To combat this, he uses something called a “thumbtack” in the design. There are several flavors, as you can see in the video below, and it widens out the small part yet has a tiny contact with the actual part so you can easily remove it.

One of the thumbtacks looks more like a Hersey’s kiss to us. It makes sense. The point can touch the part to support and the fat base gives a nice target for the automatic support feature in your slicer to grab. There’s also a spherical base so you can rotate to odd angles. The final thumbtack looks like an alien spacecraft and provides multiple contact points.

Continue reading “3D Printing Support Gets Down To Tacks”

Bridging The Gap Between Dissimilar Road Types With Foam

February 10, 2023 by 27 Comments

When you think of driving up or down an embankment, do you ever wonder how much foam you’re currently driving on? Probably not, because it hardly seems like a suitable building material. But as explained by [Practical Engineering] in the video below the break, using an expanded material to backfill an embankment isn’t as dense as it sounds.

In many different disciplines, mating dissimilar materials can be difficult: Stretchy to Firm; Soft to Hard; Light to Heavy. It’s that last one, Light to Heavy, that is a difficult match for roadways. A bridge may be set down in bedrock, but the embankments approaching it won’t be. The result? Over time, embankment settles lower than the bridge does, causing distress for cars and motorists alike. What’s the solution?

To mitigate this, engineers have started to employ less dirty materials to build their otherwise soil based embankments. Lightweight concrete is one solution, but another is Expanded Polystyrene (EPS) foam. Its light weight makes installation simple in anything but a strong breeze, and it’s inexpensive and durable. When used properly, it can last many years and provide a stable embankment that won’t settle as far or as quickly as one made of dirt. Because as it turns out, dirt is heavy. Who knew?

Aside from roadways and bespoke aircraft, EPS foam has also been used for making home insulation. What’s your favorite use for EPS foam? Let us know in the comments below.

Continue reading “Bridging The Gap Between Dissimilar Road Types With Foam”

Hackaday Podcast 205: Hackaday Berlin, So Many Sundials, And Ovens Pinging Google

February 10, 2023 by 9 Comments

Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi start this week’s episode off with the announcement of Hackaday Berlin on March 25th. It’s been quite some time since we’ve been on the other side of the pond, because we had to cancel 2020’s Hackaday Belgrade due to COVID-19, so excitement is high for all three days of this “one-day” event.

After a new What’s that Sound, discussion moves on to an impressive collection of DIY sundials, the impact filament color has on the strength of 3D printed parts, the incredible retrocomputer replicas of Michael Gardi, and the Arduino FPGA that you’ve probably never heard of. We’ll wrap things up with the unexpected difficulties of mixing multiple cheap audio sources in Linux, and try to figure out why our kitchen appliances need to be connected to the Internet.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in  the comments!

Download all the bits!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 205: Hackaday Berlin, So Many Sundials, And Ovens Pinging Google”

Bicopter Phone Case Might Be Hard To Pocket, But Delivers Autonomous Selfies

February 10, 2023 by 8 Comments

Remember that “PhoneDrone” scam from a while back? With two tiny motors and props that could barely lift a microdrone, it was pretty clearly a fake, but that doesn’t mean it wasn’t a pretty good idea. Good enough, in fact, that [Nick Rehm] came up with his own version of the flying phone case, which actually works pretty well.

In the debunking collaboration between [Mark Rober], [Peter Sripol], and the indispensable [Captain Disillusion], you’ll no doubt recall that after showing that the original video was just a CGI scam, they went on to build exactly what the video purported to do. But alas, the flying phone they came up with was manually controlled. While cool enough, [Nick Rehm], creator of dRehmFlight, can’t see such a thing without wanting to make it autonomous.

To that end, [Nick] came up with the DroneCase — a bicopter design that allows the phone to hang vertically. The two rotors are on a common axis and can swivel back and forth under control of two separate micro-servos; the combination of tilt rotors and differential thrust gives the craft full aerodynamic control. A modified version of dRehmFlight runs on a Teensy, while an IMU, a lidar module, and a PX4 optical flow sensor round out the sensor suite. The lidar and flow sensor both point down; the lidar is used to sense altitude, while the flow sensor, which is basically just the guts from an optical mouse, watches for translation in the X- and Y-axes.

After a substantial amount of tuning and tweaking, the DroneCase was ready for field tests. Check out the video below for the results. It’s actually quite stable, at least as long as the batteries last. It may not be as flexible as a legit drone, but then again it probably costs a lot less, and does the one thing it does quite well without any inputs from the user. Seems like a solid win to us.

Continue reading “Bicopter Phone Case Might Be Hard To Pocket, But Delivers Autonomous Selfies”

This Week In Security: ImageMagick, VBulletin, And Dota 2

February 10, 2023 by 3 Comments

There are a few binaries that wind up running in a bunch of places, silently do their jobs, and being easily forgotten about. ImageMagick is used on many servers for image conversion and resizing, and tends to run automatically on uploaded images. Easily forgotten, runs automatically, and with arbitrary inputs. Yep, perfect target for vulnerability hunting. And the good folks at Metabase found two of them.

First up is CVE-2022-44267, a Denial of Service, when ImageMagick tries to process a rigged PNG that contains a textual chunk. This data type is usually used for metadata, and can include a profile entry for something like EXIF data. If this tag is specified inside a text chunk, ImageMagick looks to the given value as a filename for finding that profile data. And notably, if that value is a dash -, it tries to read from standard input. If the server’s image processing flow doesn’t account for that quirk, and virtually none of them likely do, this means the ImageMagick process hangs forever, waiting for the end of input. So while that’s not usually a critical problem, it could be used for a resource exhaustion attack.

But the real problem is CVE-2022-44268. It’s the same trick, but instead of using - to indicate standard input, the processed image refers to a file on the server filesystem. If the file exists, and can be read, the contents are included in the image output. If the attacker has access to the image, it’s a slick data leak — and obviously a real security problem. If a server doesn’t have tight file permissions and isolation, there’s plenty of sensitive information to be found and abused.

The fix landed back in October 2022, and was part of the 7.1.0-52 release. There’s a bit of uncertainty about which versions are vulnerable, but I wouldn’t trust anything older than that version. It’s a pretty straightforward flaw to understand and exploit, so there’s a decent chance somebody figured it out before now. The file exfiltration attack is the one to watch out for. It looks like there’s an Indicator of Compromise (IoC) for those output PNGs: “Raw profile type”. Continue reading “This Week In Security: ImageMagick, VBulletin, And Dota 2”

Modernizing C Arrays For Greater Memory Safety

February 10, 2023 by 75 Comments

Lately, there has been a push for people to stop using programming languages that don’t promote memory safety. But as we still haven’t seen the death of some languages that were born in the early 1960s, we don’t think there will be much success in replacing the tremendous amount of software that uses said “unsafe” languages.

That doesn’t mean it’s a hopeless cause, though. [Kees Cook] recently posted how modern C99 compilers offer features to help create safer arrays, and he outlines how you can take advantage of these features. Turns out, it is generally easy to do, and if you get errors, they probably point out unexpected behavior in your original code, so that’s a plus.

We don’t think there’s anything wrong with C and C++ if you use them as you should. Electrical outlets are useful until you stick a fork in one. So don’t stick a fork in one. We really liked the recent headline we saw from [Sarah Butcher]: “If you can’t write safe C++ code, it’s because you can’t write C++.” [Cook’s] post makes a similar argument.  C has advanced quite a bit and the fact that 30-year-old code doesn’t use these new features isn’t a good excuse to give up on C.

Continue reading “Modernizing C Arrays For Greater Memory Safety”

Homebrew Ball Drop Machine Rings In The New Year

February 10, 2023 by No comments

The New Year’s Ball Drop in New York City stems from an old English naval tradition. These days, it’s more of a celebratory thing, and [Jon Gonzalez] wanted to bring a bit of that joy to his own celebrations. Thus enter the Ball-Drop-O-Matic 3000.

The ball itself consists of two 3D printed halves assembled together with a linear bearing in the middle. It’s loaded up with a ton of addressable LEDs to give it plenty of flash, pomp, and circumstance as it rides down the flagpole. Animations are coded in to the K-1000C display controller using LEDEdit2014, an older piece of software which can turn Flash animations into commands to run WS2812B LED strips.

Lowering the ball is handled by a motorized winch. The winch is mounted at the base of the flagpole for aesthetic reasons, with the cable travelling up to the top of the pole, over a pulley, and back down to the ball. The descent speed is set to countdown the last minute of the year, with numbers animated on the ball itself.

The build was clearly a great addition to [Jon’s] New Years celebrations, even if it wasn’t quite finished until 9:35 PM on the big night. We’ve seen other fun ball drop builds before, too.

Continue reading “Homebrew Ball Drop Machine Rings In The New Year”