Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language

July 21, 2023 by 1 Comment

Summer’s in full swing, and this week both Elliot and Dan had to sweat things out to get the podcast recorded. But the hacks were cool — see what I did there? — and provided much-needed relief. Join us as we listen in on the world of bats, look at a laser fit for a hackerspace, and learn how to make an array of magnets greater than — or less than — the sum of its parts. There’ll be flying eggs, keyboards connected to cell phones, and everything good about 80s and 90s cable TV, as well as some of the bad stuff. And you won’t want to miss Elliot putting Dan to shame with the super-size Quick Hacks, either, nor should you skip the Can’t Miss sweep with a pair of great articles by Al Williams.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 228: Bats, Eggs, Lasers, Duck Tape, And Assembly Language”

2600 Breaks Free From DRM With PDF/EPUB Subscription

July 21, 2023 by 13 Comments

Hackaday has been online in some form or another since 2004, which for the Internet, makes us pretty damn old. But while that makes us one of the oldest surviving web resources for hacker types, we’ve got nothing on 2600 — they’ve been publishing their quarterly zine since 1984.

Summer 2023 Issue of 2600

While the physical magazine can still be found on store shelves, the iconic publication expanded into digital distribution some time ago, thanks largely to the Kindle’s Newsstand service. Unfortunately, that meant Amazon’s recent decision to shutter Newsstand threatened to deprive 2600 of a sizable chunk of their income. So what would any group of hackers do? They took matters into their own hands and spun-up their own digital distribution system.

As of today you’re able to subscribe to the digital version of 2600 in DRM-free PDF or EPUB formats, directly from the magazine’s official website. Which one you pick largely depends on how you want to read it: those looking for the highest fidelity experience should go with PDF, as it features an identical layout to the physical magazine, while those who are more concerned with how the content looks on their reader of choice would perhaps be better served by the flexibility of EPUB. After signing up you can download the current Summer issue immediately, with future issues hitting your inbox automatically. Load it onto your home-built Open Book, and you can really stick it to the establishment.

While the ending of this story seems to be a happy one, we can’t help but see it as a cautionary tale. How many other magazines would have the means and experience to offer up their own digital subscriptions? Or for that matter, how many could boast readers savvy enough to utilize it? The reality is many publications will be injured by Amazon’s decision, some mortally so. That’s a lot of power to be put into the hands of just one company, no matter how quick the shipping is.

This Week In Security: Dating App, WooCommerce, And OpenSSH

July 21, 2023 by 4 Comments

Up first this week is a report from vpnMentor, covering the unsecured database backing a set of dating apps, including 419 Dating. The report is a bit light on the technical details, like what sort of database this was, or how exactly it was accessed. But the result is 2.3 million exposed records, containing email address, photos — sometimes explicit, and more. Apparently also exposed were server backups and logs.

The good news here is that once [Jeremiah Fowler] discovered the database door unlocked and hanging open, he made a disclosure, and the database was secured. We can only hope that it wasn’t discovered by any bad actors in the meantime. The app has now disappeared from the Google Play store, and had just a bit of a sketchy air about it.

WooCommerce Under Siege

Back in March, CVE-2023-28121 was fixed in the WooCommerce plugin for WordPress. The issue here is an authentication bypass that allows an unauthenticated user to commandeer other user accounts.

Within a few months, working exploits had been derived from the details of the patch plugging the hole. It wasn’t hard. A function for determining the current user was explicitly trusting the contents of the X-WCPAY-PLATFORM-CHECKOUT-USER request header. Set that value in a request sent to the server, and ding, you’re administrator.

And now the cows are coming home to roost. Active exploitation started in earnest on July 14, and the folks at Wordfence clocked a staggering 1.3 million exploitation attempts on the 16th. What’s particularly interesting is that the Wordfence data gathering system saw a huge increase in requests for the readme.txt file that indicates the presence of the WooCommerce plugin on a WordPress site. These requests were observed before the attacks got started, making for an interesting early warning system. Continue reading “This Week In Security: Dating App, WooCommerce, And OpenSSH”

Turning A Quartz Clock Module Into A Time Reference

July 21, 2023 by 11 Comments

If you’re looking for a 1-second time reference, you’d probably just grab a GPS module off the shelf and use the 1PPS output. As demonstrated by [InazumaDenki], though, an old quartz clock module can also do the job with just a little work.

The module was harvested from an old Seiko wall clock, and features the familiar 32.768 KHz crystal you’d expect. This frequency readily divides down by 2 multiple times until you get a useful 1 Hz output. The module, originally designed to run a clock movement, can be repurposed with some basic analog electronics to output a useful time reference. [InazumaDenki] explains various ways this can be done, before demonstrating his favored method by building the device and demonstrating it with a decade counter.

It has some benefits over a GPS time reference, such as running at a much lower voltage and needing no external signal inputs. However, it’s also not going to be quite as accurate. Whether that matters to you or not depends on your specific application. Video after the break.

Continue reading “Turning A Quartz Clock Module Into A Time Reference”

Old Style 1802 Computer Has MMU

July 21, 2023 by 8 Comments

When you think of an MMU — a memory management unit — you probably think of a modern 32-bit computer. But [Jeff Truck] has a surprise. His new RCA 1802 computer has bank switching, allowing the plucky little processor to address 256K of RAM. This isn’t just the usual bank-switching design, either.

The machine has several unique features. For example, an Arduino onboard can control the CPU so that you can remotely control the bus. It does not, apparently, stand in for any of the microprocessor support chips. It also doesn’t add additional memory or control its access.

The 256K of memory is under the control of the MMU board. This board generates two extra address bits by snooping the executing instruction and figures out what register is involved in any memory access. Memory in the MMU stores a table that lets you set different memory pages for each register. This works even if the register is not explicit and also for the machine’s DMA and instruction fetch cycles. If you know about the RCA “standard call and return technique,” which also needed a little patching for the MMU. [Jeff] covers that at the end of the video below.

This is a very simple version of a modern MMU and is an impressive trick for a 50-something-year-old CPU. We were surprised to hear — no offense to [Jeff] — that the design worked the first time. Impressive! There’s also some 3D printing and other tips to pick up along the way. But we were super impressed with the MMU. You might never have to do this yourself (although you could), but you can still marvel that it can be done at all.

We have a soft spot for the 1802s, real or emulated. The original ELF was great, but 256K is a lot better than the original 256 bytes!

Continue reading “Old Style 1802 Computer Has MMU”

An Easy Z80 And VGA Upgrade For The Apple II

July 20, 2023 by 15 Comments

The Apple II was at the forefront of the home computer revolution when it came out in 1977. In its era, nobody really cared about hooking up the Apple II to a VGA monitor, but these days, it’s far easier than sourcing an original monitor. The V2 Analog is a useful tool that will let you do just that, plus some other neat tricks, besides.

As demonstrated on Youtube by [Adrian’s Digital Basement], The V2 Analog is basically a slot-in video card for the Apple II, II+, and IIe. It’s based upon the AppleII-VGA, which uses a Raspberry Pi Pico to snoop the 6502 CPU bus and copy the video memory. It then outputs a high-quality VGA signal that is far nicer than the usual composite output options.

As a bonus, the V2 Analog can be reconfigured to run as an emulated AppliCard Z80 expansion card instead. This card was originally intended to allow Apple II users to run CP/M applications. The V2 Analog does a great job in this role, though it bears noting it can’t handle VGA output and Z80 emulation at the same time.

Project files are available on Github for the curious. The Apple II may be long out of production, but it’s certainly not forgotten. Video after the break.

Continue reading “An Easy Z80 And VGA Upgrade For The Apple II”

Giant 3D Printer Can Print Life-Sized Human Statues

July 20, 2023 by 30 Comments

We’ve seen a few makers 3D scan themselves, and use those to print their own action figures or statuettes. Some have gone so far as building life-sized statues composed of many 3D printed parts. [Ivan Miranda] is no regular maker though, and his custom 3D printer is big enough that he can print himself a life-sized statue in one go.

The printer is a gargantuan thing, using an aluminium frame and a familiar Cartesian layout. It boasts a build volume of 1110 mm x 1110 mm x 2005 mm, making it more than big enough to print human-sized statues. Dogs, cats, and some great apes may be possible, too.

Many of the components are 3D printed, including the various braces and adapters that hold the frame together. The build uses NEMA 23 stepper motors, with Duet3D hardware running the show. Notably, it uses V-wheels for the Z-axis, as linear rails would be prohibitively expensive at the sizes required.

[Ivan] shows off the printer by having it produce a statue of his body at 1:1 scale. It’s not a perfect print, with some layer shifts and an awkward moments where the filament supply was interrupted. It took 108 hours in total, with 76 hours of that being actual print time, and is made up of 4375 layers. Despite its flaws, its an incredibly impressive way to demonstrate the capabilities of the machine.

Eager to build such a printer for yourself? [Ivan] will sell you the design files for a reasonable fee.

[Ivan]’s giant printer was once a large tabletop affair; just look how far it’s come. He’s even come up with a system for using smaller printers to create large-scale construction kits, too. We can’t wait to see what mad project he comes up with next. Video after the break.

Continue reading “Giant 3D Printer Can Print Life-Sized Human Statues”